DE20112350U1 - Arrangement for protecting a security module - Google Patents

Description

The invention relates to an arrangement for protecting a security module, according to the type specified in the preamble of claim 1. Such a security module operates in a potentially unfriendly environment in ATMs, ticket machines, cash registers, electronic wallets, computers for personal use (palmtops, notebooks, organizers), mobile phones and devices that combine several of these functionalities. The security module can be implemented in the form of a postal security module, which is particularly suitable for use in a franking machine or mail processing machine or computer with mail processing function (PC franking machine).

A wide range of security measures are already known to protect against failures or malfunctions of intelligent electronic systems.

G3199-EN

It is already known from EP 417 447 B1 to use special modules in electronic data processing systems and to equip them with means to protect against break-ins into their electronics. Such modules are considered security modules.

Modern franking machines, or other devices for franking postal items, are equipped with a printer for printing the postage stamp on the postal item, with a control system for controlling the printing and the peripheral components of the franking machine, with an accounting unit for calculating postage charges, which are stored in non-volatile memories

&iacgr;&ogr; and a unit for cryptographically securing the postage data. A security module (EP 789 333 A2) can have a hardware accounting unit and/or the unit for securing the printing of the postage data. For example, the former can be implemented as a user circuit ASIC and the latter as an OTP processor (One Time Programmable). A processor-internal memory stores sensitive data (cryptographic keys) in a way that is safe from being read, which is required, for example, to top up credit. Encapsulation in a security housing offers further protection.

To protect a security module from an attack on the data stored in it, further measures have been proposed in DE 198 16 572 A1, entitled: Arrangement for a security module and DE 198 16 571 A1, entitled: Arrangement for access protection for security modules, in EP 1 035 516 A2, entitled: Arrangement for a security module, in EP 1 035 517 A2 and EP 1 035 518 A2, both entitled: Method for protecting a security module and arrangement for carrying out the method, in EP 1 035 513 A2, entitled: Security module with status signaling, and in the German utility model DE 200 20 635 IM, entitled: Arrangement for the power supply for a security area of a device.

To protect a security module, an unplugged detection unit was proposed in EP 1 035 518 A2, which can detect whether the security module is plugged into an interface on the main board of the device and whether the security module is mechanically or chemically attacked or damaged. A circuit state of the detection unit is changed, whereby

G3199-EN

The maintenance of this is ensured by the special battery-powered circuit design. A cable which is laid as a loop around the other functional units of the security module allows the detection of mechanical or chemical damage to the security module if the cable is interrupted. This ground connection is also interrupted when the security module is replaced and the queryable hardware of the unplugged detection unit registers this process as an event. The status of the unplugged detection unit can be queried by the processor.

&iacgr;&ogr; The regular evaluation of a disconnection or unplugged signal provided by the unplugged detection unit enables the processor to delete sensitive data, for example when the security module is removed from the device. This deletes cryptographic keys, for example, without changing the billing and customer data in the other non-volatile memories. The processor can reset the unplugged detection unit after the security module has been plugged in. The ground potential is queried via the cable loop, which is present at the interface connection and can only be queried if the security module is plugged in correctly. However, bridging the cable loop with ground potential is not completely impossible. Knowing the cable routing is only made more difficult by the embedding in a casting compound.

The security module is, for example, plugged into the main board of the meter of the JetMail franking machine. The meter housing is preferably designed as a security housing, but is nevertheless advantageously constructed so that the user can see the status display of the security module from the outside through an opening. Applying the system voltage to the module processor of the security module is sufficient to activate the display in order to be able to read the module status. It is possible to distinguish whether the security module is operational or defective. Even if the security module is functioning, it can signal when a service technician needs to be called or when the system is restarted. A security module can assume various states during its life cycle, but these are only displayed when the meter is in operating state, i.e. when system voltage is applied to the security module. Otherwise the battery of the security module would be discharged.

G3199-EN

module can quickly become exhausted. The battery life should be appropriate to the life cycle and as long as possible. If the franking machine is switched off, there is a power interruption or a system voltage failure, postal register data, cryptographic keys and other sensitive data must be retained and the real-time clock must continue to run. In addition, there are circuit elements for permanent monitoring functions that must continue to run without interruption. This increases the need for available battery power, which reduces the battery life.

&iacgr;&ogr; A replaceable battery was therefore installed on the security module in accordance with EP 1 035 516 A2. The latter can only be replaced when system voltage is present. A voltage monitoring unit with resettable self-holding that can be interrogated by the processor detects a voltage failure or a drop in the battery voltage below a predetermined threshold. However, the voltage monitoring unit has a not insignificant power requirement, which has a corresponding effect when operating on battery power.

Under the title: Method for determining a requirement to replace a component and arrangement for carrying out the method, the unpublished German patent application No. 100 61 665.8 already proposed using a less power-intensive indirect measuring method to determine the remaining battery capacity.

Even short-term battery voltage failures of fractions of a second lead to the immediate blocking of the security module and thus the franking function of the machine becoming unusable. In order to change the battery, the postally secured part of the franking machine had to be opened. For this reason, the German utility model DE 200 20 635 U1 proposed an arrangement for supplying power to a security area of a device using an external battery to increase the battery capacity of the internal battery of the security module. The solution with two batteries is of course more complex and only suitable for large devices. The German utility model DE 200 20 635 U1 already proposed a quick deletion of important cryptographic keys in the static working memory when the battery voltage falls below a limit. However, the power consumption is still high. The number of

G3199-EN

supplying modules or components has even been increased. This is more acceptable for devices with a second external battery, especially since the battery capacity from which the individual modules are fed is then increased. The RAM with the sensitive data is no longer integrated in the processor circuit, but is arranged in the security module as a separate component. If an area of the security module that happens to contain the processor is damaged very quickly, it is possible that some of the sensitive data will not be deleted. Only when all of the sensitive data has been deleted can it be kept secret and an error due to improper handling of the postal security module can be ruled out.

According to the solution proposed in EP 1 035 517 A2, a voltage monitoring unit and an unplugged detection unit already work together, but the deletion of security-relevant data from the main memory located in the microprocessor, which is directly connected to an internal processor bus, is triggered. This means that the above-mentioned disadvantages with regard to the security of deletion and battery power consumption also apply. In addition, the unplugged state should no longer trigger deletion of data.

The invention is based on the object of ensuring the protection of a security module with little effort and thereby overcoming the disadvantages of the prior art.

The object is achieved with the features of the arrangement according to claim 1.

The safety module is arranged in a device in an exchangeable manner, whereby the latter can be selected according to the application. The safety module has at least one main memory, a voltage monitoring unit, an unplugged detection unit and a special circuit that is in communication with the main memory via a BUS. The special circuit contains an I/O interface for establishing a communication connection with the device, which provides a system voltage for the safety module during operation. The latter is powered by a long-life battery when not in operation. The above-mentioned modules without

The long-life battery is enclosed in a potting compound. A membrane is embedded in the latter, with a first and second conductor loop, each of which carries different potentials and is arranged close together on the membrane. An erasure hardware connected to the main memory is equipped to erase security-relevant data (Secure Relevant Data Items) in the SRDI main memory and to prevent data queries via the bus when an erase signal is present. A destruction detection unit is coupled to the first and second conductor loop on the input side and

&iacgr;&ogr; is linked to an output of the voltage monitoring unit via a logical OR circuit in order to provide the extinguishing signal for the extinguishing hardware on a common control line when the destruction detection unit responds due to at least one changed potential in one of the conductor loops or the battery voltage drops below a predetermined limit value.

The invention is further based on the fact that a security module that meets all requirements is created using a fast microprocessor and other partially known functional units. The security module comprises: a microprocessor, a real-time clock (RTC), a program memory, a working memory, two non-volatile memories for booking data, an SRDI working memory (Secure Relevant Data Items) with deletion hardware, a long-life battery, a power management and monitoring unit (Power Manager), event detectors and a special circuit, for example FPGA, which is at least equipped to establish a communication connection with the device using an I/O interface.
The power management and monitoring unit (Power Manager) is equipped with at least one voltage monitoring unit, with interfaces for supplying the system voltage (Main Power Supply Interface) and for supplying the battery voltage (Host Battery Interface). One of the event detectors is the aforementioned destruction detection unit, which is connected to the membrane embedded in the potting compound. Another event detector is a known unplugged detection unit. The event detectors and the power management and monitoring unit are designed to be interrogated by the microprocessor. The voltage monitoring unit or an event detector, preferably the destruction detection unit.

G3199-EN «·*- ?·-·

ity, can use the common control line to cause an electronic switch to apply either operating voltage or erasure voltage or ground potential to the SRDI main memory. A bus driver unit is also controlled via the common control line to decouple the BUS from the SRDI main memory when erasure voltage or ground potential is applied to the SRDI main memory. If the security module is damaged and the battery voltage no longer safely supplies the security module, sensitive data can be lost very quickly and

&iacgr;&ogr; be securely deleted.

The fast processor enables symmetrical and/or asymmetrical encryption methods for different applications. Depending on the application, real-time processing of events as well as recording or booking is possible. A battery in the security module provides the power supply for the real-time clock and for components for non-volatile storage of the user data, for permanent monitoring of all safety-relevant functions and the operational readiness of the security module when the system voltage of the device is switched off. In the event of an error or when the security module is removed, a change in status is stored and can be queried. The status of the security module can also be queried after it has been deleted from the device. An existing display unit on the device or a signaling device on the security module can also be used to signal the status.

Advantageous further developments of the invention are characterized in the subclaims or are described in more detail below together with the description of the preferred embodiment of the invention with reference to the figures. They show:

Figure 1, Block diagram of the security module,
Figure 2, Detail of the known voltage monitoring circuit,
Figure 3, Circuit of the erase hardware for an SRDI memory,
Figure 4, representation of a sensor membrane,
Figures 5a and 5b, circuits of the event detectors.

G3199-EN &Sgr;.. ^# -

·

• · &phgr;··

Figure 1 shows a block diagram of the security module, comprising the following components:

a microprocessor 120 with a real-time clock RTC,

a program memory ROM 128, for example a Flash 512K x32, - a working memory SRAM 121, for example a SRAM 64K x32,
- two non-volatile memories NVRAM I & NVRAM II with 4 Kbyte each,
a SRDI-RAM 122 (Secure Relevant Data Items) with deletion hardware and BUS driver unit 127,
a long-life battery 134, for example a lithium battery,

&iacgr;&ogr; - a power management and monitoring unit (Power Manager) 11 with voltage monitoring unit 12, with interfaces for supplying the system voltage (Main Power Supply Interface) and for supplying the battery voltage (Host Battery Interface),
Event detectors, including a destruction detection unit 15 connected to a membrane 153 embedded in a potting compound 105, and an unplugged detection unit 13,

a special circuit, for example FPGA, 160 with an I/O interface to establish a communication connection with the device.

The device to which the security module is connected supplies a system voltage and optionally a second battery voltage. The security module is operated with system voltage when the device is switched on. The power management unit (Power Manager) 11 has a large number of functional units that ensure the operational capability of the security module with low power consumption even when the device is switched off. The power management unit 11 has a DC/DC converter (not shown) and a voltage regulator (not shown) for the corresponding operating voltages (3V, 5V and 8V), a temperature and voltage monitoring circuit (not shown). The latter two can generate a reset signal. The supplied system voltage is monitored for exceeding or falling below limit values. Within the latter, a DC/DC converter ensures

G3199-EN

for a predetermined operating voltage U _B . A voltage generator ensures the generation of all the necessary voltages that the functional units of the security module require. When the device is switched off, only the real-time clock RTC and the working memory are supplied with battery voltage, in addition to the monitoring circuits and the destruction detection unit. An uninterrupted supply of the battery-operated units has also been reported in DE 200 20 635 111. The latter includes at least one of the post memories, some of the detectors and the SRDI working memory 122. The security module

&iacgr;&ogr; two independent batteries can be connected. The first battery voltage comes from the internal battery 134, which can optionally be supported by a second separate battery.
As an alternative to the internal real-time clock, a separate real-time clock RTC 124 can be connected. The microprocessor 120 is, for example, of the ARM7 type and the separate real-time clock of the EPSON RTC-4543 type. The microprocessor 120 is connected via a BUS to the program memory ROM 128, the main memory SRAM 121, the main memory SRDI-RAM 122 and the special circuit FPGA 160. The bus is shown with wide white arrows. The special circuit FPGA 160 is a user-specific programmed FPGA (one time programmable). The FPGA contains a hardware accounting unit (not shown), a control circuit for two further memories NVRAM I and II and an input/output interface (digital interface of the security module not shown) to the device (not shown). The special FPGA 160 circuit is connected to two non-volatile memories 114 (NVRAM I) & 116 (NVRAM II), which contain, among other things, the postally relevant data. The two non-volatile memories NVRAM I and II are physically separate and implemented using different technologies. They can be accessed by the processor for writing and reading, modified by the FPGA and readable from outside the security module. One of the non-volatile memories is implemented using a mixed EEPROM-SRAM technology, the other is an SRAM using conventional technology.

G3199-EN

- · ISJ ·-·

The supply of the system voltage (Main Power Supply Interface) and the battery voltages to the interface is marked with wide black arrows. Thin black arrows indicate the supply of modules with a corresponding operating voltage from the power management and monitoring unit 11 or from the monitoring unit 12. Thin white arrows indicate query and control lines.

The extinguishing hardware includes some resources of the power management & monitoring unit, a control line CL and a bus driver unit

127. The control lines from the destruction detection unit 15 and the voltage monitoring unit 12 are connected to a common control line CL, which is shown in dashed lines. The units 12 or 15 control an electronic switch S via the common control line CL, which applies either operating voltage Ub or erasure voltage Uc or ground potential Um to the VCC pin of the SRDI main memory 122. This SRDI RAM is not directly connected to the processor bus. All digital signals are routed via driver circuits of the bus driver unit 127, which have outputs that can be switched to high impedance.

This allows the BUS to be decoupled from the SRDI memory 122. The bus driver unit 127 is also controlled by the common control line CL.

The following detector and monitoring units monitor the proper operation of the safety module:

- Voltage monitoring unit 12, which is designed for battery voltage monitoring with self-holding,

- Destruction detection unit 15 for detecting mechanical destruction of the safety module with self-holding,

- Unplugged detection unit 13 (host system loop) with self-holding.

- Temperature sensor and more

- Voltage monitoring units to monitor all voltages in the system, especially the system voltage.

G3199-EN

The first two, when addressed (OR-linked), lead to the deletion of the data in the SRDI memory.

The third detector can only cause a change of state and can be queried by the processor during operation or by the security module program when the system starts.

The temperature sensor monitors the operating temperature of the module and triggers a reset if the temperature falls below or rises above a predetermined value. This also prevents improper use and secures user data. A

A reset is also triggered if the input voltage of the module becomes too small or too large or if the internal operating voltage falls below a certain level. The status of all other voltages can be queried by the system software. The security module contains LEDs (not shown) for status output and is potted with a hard, opaque potting compound 105 in which a sensor membrane 153 is embedded. One of the event detectors, the destruction detection unit 15, is connected to conductor loops of the sensor membrane 153.

Figure 2 shows a detail of the voltage monitoring circuit 12' known from EP 1 035 516 A2, which is connected to a static working memory SRAM 122' via a line 138'. The voltage monitoring unit 12' contains an electronic FET switch 1252', which applies ground potential to the SRDI working memory 122' if required. If the battery voltage falls below a limit value, an operational amplifier 1250' controls the electronic FET switch 1252' via a control line 1251' and the feed point (VCC PIN) for the SRAM 122' from the electronic FET switch 1252' of the monitoring unit 12' is connected to ground via line 138'. The source circuit has a resistor 1254' between the drain of the MOSFET 1252 and a line carrying the operating voltage Ub. This continues to cause a not insignificant power consumption as long as the circuit is still in

G3199-EN

Circuit state of self-holding. The circuit state can be queried by the processor via decoupling diode 1262' and via line 164'.

Figure 3 shows a circuit of the erasure hardware for an SRDI main memory 122. A type BS62LV256TI is preferably used for the SRDI main memory 122. With this type, it is sufficient if ground potential Um is applied to the VCC pin of the SRDI main memory 122 for erasure. Furthermore, the VCC pin of the SRDI main memory 122 is connected to the electronic switch S. The latter is integrated, for example, in the voltage monitoring unit 12 and has a field-effect transistor switch 1252, 1253. The FET switch 1252, 1253 applies either operating voltage U _B or ground potential U _M to the VCC pin of the SRDI main memory 122. When the device is switched off, the system voltage is automatically switched to the battery voltage. The operating voltage Ub then corresponds to the battery voltage. If the battery voltage is above a limit, the transistor 1253 (MOSFET, depletion mode, p-channel) switches operating voltage through to line 138 and the supply point at the VCC pin of the SRDI memory 122 is connected to operating voltage. The SRDI memory 122 then serves as a battery-backed non-volatile memory for safety-relevant data.

If the battery voltage falls below a limit value, the supply point at the VCC pin of the SRAM 122 is connected to ground via line 138 by a transistor 1252 (MOSFET, depletion type, η-channel) of the monitoring unit 12. The additional switching off of the transistor 1253 significantly reduces the current requirement from the battery 134 (Fig. 1).

The BUS driver unit 127 of the erasing hardware ensures the continued operation of the other modules that are also coupled to the bus.
The bus consists of an address bus 111, a data bus 126 and a control bus 119. The output lines 158, 159 of the

G3199-EN

Destruction detection unit 15 can be connected via a wired OR connection. A negator N negates the signal. Alternatively, the destruction detection unit 15 supplies a suitable signal on at least one output line, which is connected to the control line 1251 of the voltage monitoring unit 12 by means of an OR gate to the common control line CL. The OR gate can also be designed as a wired OR connection 1255 in the voltage monitoring unit 12. If the units 12 or 15 detect improper use of the security module, the

&iacgr;&ogr; driver circuits are switched to high impedance and the transistor switch is controlled so that the VCC pin of the SRDI memory is at ground potential U _M. The advantage of this arrangement is that the SRDI memory is completely voltage-free and the data is quickly destroyed, because CMOS circuits are known for being able to supply themselves via their digital inputs. Secondly, the SRDI memory is separated from the processor bus via the drivers so that the latter is not affected in its activity and can continue to work. The detection and the reaction to it works both when operating with system voltage and with battery voltage.

At least one conductor loop surrounds the components or functional units of the security module, which are additionally cast with a casting compound, which is already shown in principle in EP 1 035 518 A2. However, if the exact routing of the cables is known, it is possible to bridge a conductor loop. Knowing the routing of the cables is only made more difficult by the casting compound. In addition, it is provided that not only a short circuit to ground, but also a change in at least one other potential is evaluated. Two conductor loops 151 and 152 are preferably connected to the destruction detection unit 15, which lie next to each other insulated on a sensor membrane 153. The conductor loops 151, 152 carry different voltage potentials. With a suitable routing of the cables, the different voltage potentials are close together. This at least makes it more difficult to intentionally bridge a conductor loop. Any major destruction of the casting compound leads to a destruction.

G3199-EN

disturbance of the line loops 151 and 152 or at least to a detectable change in potential. Bridging the line loops 151, 152 is made even more difficult by a special cable routing.

Figure 4 shows a representation of a sensor membrane using the example of a simple embodiment. Of course, other more complicated embodiments can be chosen. It is only important that the cable routing is chosen in such a way that different γ potentials are close together in a small space, so that bridging of cable sections is made impossible without changing the potentials.

Figures 5a and 5b show circuits for destruction detection. The detection circuit 15a shown in Figure 5a has a voltage divider between a line 156 carrying battery voltage and ground potential, with the resistance of the line loop 151 being connected between the line 156 and a branch 1546 of the voltage divider. A parallel circuit of resistor 1544 and capacitor 1572 is connected between the branch 1546 of the voltage divider and ground potential. The detection circuit 15a is used for line loop monitoring and reacts to a reduction in the voltage potential at the branch 1546 below a first reference voltage value. Such a reduction is caused by a reduction in the insulation from the ground potential in the line loop 151 near the branch 1546 or by creeping high impedance due to a progressive reduction in the line cross-section until the line loop 151 is interrupted.
In principle, the circuit is constructed similarly to the circuit of the voltage monitoring unit 12' already known from EP 1 035 516 A2, which is described in more detail therein.

The battery voltage on line 156 is reduced accordingly at branch 1546 of the voltage divider and compared by a comparator 1550 with the reference voltage of the reference voltage source 1548. If the voltage to be compared is

G3199-EN

branch 1546 is smaller than the reference voltage, a field-effect transistor 1552 receives an &EEgr; level at its control input and is switched through. As a result, the output line 158 is connected to ground potential and the SRDI-RAM 122 is no longer supplied with battery voltage. This leads to the deletion of the data in the SRDI-RAM 122.

Since the line 158 now carries ground potential, the voltage to be compared at the tap 1546 is simultaneously pulled to a value close to 0 V via the diode 1556 and the resistor 1558. As a result, the monitoring circuit 15a changes to a self-holding state in which it also

Î remains when the voltage at tap 1546 is increased and leaves line 158 at ground potential. This state of detection circuit 15a causes an L signal to be applied to line 157 via a decoupling diode 1562, which can be interrogated by processor 120. Decoupling diode 1562 serves to reduce power consumption during battery operation. Processor 120 can reset detection circuit 15a. To do this, an H reset signal is applied to a field effect transistor 1560 via line 155, which is switched through. The voltage at tap 1546 is thus raised above the reference voltage, comparator 1550 switches back and transistor 1552 is blocked. The type ICL7665SAIBA is suitable as comparator 1550.

The detection circuit 15b shown in Figure 5b has a voltage divider between a line 156 carrying battery voltage and ground potential, with a parallel circuit of capacitor 1573 and the resistor of the line loop 152 being connected between ground potential and a branch 1547 of the voltage divider. A resistor 1545 is connected between the branch 1547 of the voltage divider and the line 156. The detection circuit 15b is used for line loop monitoring and reacts to an increase in the voltage potential at branch 1547 above a second reference voltage value. Such an increase is caused by a reduction in the insulation compared to the voltage potential in the line loop 151 near branch 1547 or by creeping high resistance as a result of a progressive reduction in the line cross-section until the under-

G3199-EN

break in the line loop 152. The non-inverting input of a comparator 1551 is connected to branch 1547. The inverting input of comparator 1551 is connected to a reference voltage source 1549. The output of comparator 1551 is connected to line 159 via a negator 1553, 1555. Capacitor 1573 connected between tap 1547 and ground prevents oscillations. The voltage at tap 1547 of the voltage divider is compared in comparator 1551 with the reference voltage of reference voltage source 1549. If the voltage to be compared at tap 1547 is smaller than the reference voltage of source 1549, the comparator output remains switched to L level and field effect transistor 1553 of the negator is blocked. As a result, the output line 159 now receives operating voltage potential and the status signal is logically ΔU. However, if the voltage potential at branch 1547 is increased above the reference voltage of the reference voltage source 1549, then the comparator 1551 switches over. The comparator output is switched to ΔE level and consequently the field-effect transistor 1553 is switched through. As a result, the output line 159 is connected to ground potential and the status signal is logically ¹ O.

It is provided that the means of the detection circuit 15a are also used by the detection circuit 15b, so that a separate query line, a separate circuit means for self-holding and a circuit means for resetting the self-holding in the detection circuit 15b are omitted. For this purpose, the output line 159 of the detection circuit 15b is connected to the output line 158 of the detection circuit 15a.

The monitoring circuit 15b is constructed in principle similarly to the circuit of the unplugged detection unit 13 already known from EP 1 035 517 A2, which is described in more detail there. The monitoring circuit 15b, however, does not require any separate circuit means for self-holding and resetting.
Alternatively, a circuit can be used which provides a negated output signal. Preferably, the output lines can then be connected

&Pgr;1 &Lgr; QQ TTC ··· _n lic · · · · · ·

·

158 and 159 by means of the wired-OR operation provided in the monitoring circuit 12.
In addition to the destruction detection unit 15, an unplugged detection unit 13 is also used as event detectors, which is described in more detail in EP 1 035 517 A2. In contrast to this, however, there is no logical connection with signals from one of the other modules or functional units.

The security module which is intended for use in postal devices, particularly for use in a franking machine, is referred to as a postal security device or a security accounting device.

However, the security module can also have a different design that allows it to work in different devices. This makes it possible, for example, to be plugged into the main board of a personal computer that controls a commercially available printer as a PC franking machine.

The invention is not limited to the present embodiment, since obviously other other arrangements or embodiments of the invention can be developed or used which - starting from the same basic idea of the invention - are covered by the appended claims.

Claims (9)

1. Arrangement for protecting a security module, which has at least one main memory ( 121 ), a voltage monitoring unit ( 12 ), an unplugged detection unit ( 13 ) and a special circuit ( 160 ) which is communicatively connected to the main memory ( 121 ) via a BUS, wherein the special circuit ( 160 ) is equipped with an I/O interface for establishing a communication connection with the device, which provides a system voltage for the security module during operation, the latter being powered by a long-life battery ( 134 ) outside of its operation, wherein the aforementioned assemblies without the long-life battery ( 134 ) are enclosed in a potting compound ( 105 ) in which a membrane ( 153 ) with a first conductor loop is embedded, characterized in that an erasure hardware is connected to the main memory ( 121 ), which is equipped, to delete safety-relevant data in the main memory ( 121 ) and to prevent a data query via the bus when a deletion signal is present, that the membrane ( 153 ) has a second conductor loop ( 152 ) and that the first and second conductor loops ( 151 , 152 ) carry different potentials and are arranged closely adjacent to one another on the membrane ( 153 ), that a destruction detection unit ( 15 ) is coupled on the input side to the first and second conductor loops ( 151 , 152 ) and on the output side is linked to an output of the voltage monitoring unit ( 12 ) via a logical OR circuit in order to provide the deletion signal for the deletion hardware on a common control line (CL) when the destruction detection unit ( 15 ) responds due to at least one changed potential in one of the conductor loops ( 151 , 152 ) or the Battery voltage of the long-life battery ( 134 ) falls below a predetermined limit. 2. Arrangement according to claim 1, characterized in that the erasure hardware has an electronic switch (S) and a bus driver unit ( 127 ), that the bus driver unit is connected between the data, address and control BUS lines ( 126 , 111 , 119 ) and the data, address and control pins of the main memory ( 121 ) and can be controlled via the common control line (CL) in order to decouple the BUS from the main memory ( 121 ) when the voltage monitoring unit ( 12 ) or the destruction detection unit ( 13 ) causes the electronic switch (S) via the common control line (CL) to apply erasure voltage instead of the operating voltage to the VCC pin of the main memory ( 120 ). 3. Arrangement according to claim 2, characterized in that ground potential is applied to the main memory ( 122 ) instead of the erase voltage. 4. Arrangement according to claim 2, characterized in that digital signals are guided via driver circuits of the bus driver unit ( 127 ), which have outputs that can be switched to high impedance for decoupling the BUS and the main memory ( 122 ). 5. Arrangement according to claim 2, characterized in that a number of conductor loops ( 151 , 152 ) are arranged to protect the security module, that the destruction detection unit ( 15 ) is equipped with a corresponding number of detection circuits ( 15a , 15b ) for each of the conductor loops ( 151 , 152 ) carrying different potentials, wherein only one of the detection circuits ( 15a , 15b ) is equipped with a self-holding circuit that is effective for all, and wherein the output lines ( 158 , 159 ) of all detection circuits ( 15a , 15b ) are connected via a wired-OR connection. 6. Arrangement according to claim 5, characterized in that the switching state of all detection circuits ( 15 a, 15 b) can be interrogated by the microprocessor ( 120 ) and that the self-holding circuit is designed to be resettable. 7. Arrangement according to claim 2, characterized in that the electronic changeover switch (S) is a component of the voltage monitoring unit ( 12 ), the switching state of which is held by a self-holding circuit and can be interrogated by the microprocessor ( 120 ) and the self-holding circuit of which is designed to be resettable. 8. Arrangement according to claims 2 and 7, characterized in that field-effect transistors ( 1252 , 1253 ) connected to operating voltage potential and ground potential form the electronic switch (S). 9. Arrangement according to claim 1, characterized in that the logical OR circuit is designed as a wired-OR connection in the voltage monitoring unit ( 12 ) and forms the common control line (CL).